First published: Tue Apr 30 2019
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
Credit: vulnreport@tenable.com
Affected Software | Affected Version | How to fix |
---|---|---|
Crestron AM-100 firmware | =1.6.0.2 | |
Crestron AM-100 | | |
Crestron AM-101 firmware | =2.7.0.2 | |
Crestron AM-101 | | |
Barco wePresent WiPG-1000P firmware | =2.3.0.10 | |
Barco wePresent WiPG-1000P | | |
Barco wePresent WiPG-1600W firmware | <2.4.1.19 | |
Barco wePresent WiPG-1600W | | |
Extron Sharelink 200 Firmware | =2.0.3.4 | |
Extron ShareLink 200 | | |
Extron Sharelink 250 Firmware | =2.0.3.4 | |
Extron Sharelink 250 | | |
Teqavit Wips710 Firmware | =1.1.0.7 | |
Teqavit Wips710 | | |
SHARP PN-L703WA firmware | =1.4.2.3 | |
SHARP PN-L703WA | | |
Optoma WPS-Pro firmware | =1.0.0.5 | |
Optoma WPS-Pro | | |
Blackbox Hd Wireless Presentation System Firmware | =1.0.0.5 | |
Blackbox Hd Wireless Presentation System | | |
InFocus LiteShow3 firmware | =1.0.16 | |
InFocus LiteShow3 | | |
Infocus Liteshow4 Firmware | =2.0.0.7 | |
InFocus LiteShow4 | | |
Crestron Multiple Products | | |
CVE-2019-3929 is a command injection vulnerability affecting multiple products including Crestron AM-100, Crestron AM-101, Barco wePresent WiPG-1000P, Barco wePresent WiPG-1600W, Extron ShareLink 200/250, Teq AV IT WIPS710, SHARP PN-L703WA, and Optoma WPS-Pro.
CVE-2019-3929 has a severity rating of 9.8 (Critical).
The products affected by CVE-2019-3929 are Crestron AM-100, Crestron AM-101, Barco wePresent WiPG-1000P, Barco wePresent WiPG-1600W, Extron ShareLink 200/250, Teq AV IT WIPS710, SHARP PN-L703WA, and Optoma WPS-Pro.
To fix the CVE-2019-3929 vulnerability, users should apply the latest firmware updates provided by the respective vendors.
You can find more information about CVE-2019-3929 at the following references: [1] [2] [3].